Measures used in this study

The Public’s Comfort with Sharing Health Data with Third-Party Commercial Companies for Patient and Business Purposes

To explore public comfort with sharing health data with third-party commercial

companies for patient purposes, respondents answered questions about “how comfortable” they were with three statements regarding data sharing with third-party commercial companies, each along a 4-point Likert scale. Participants were asked “How comfortable are you with a third-party commercial company using your DNA and health information to improve the diagnosis and treatment of cancer in other patients?” and “How comfortable are you with a third-party commercial company developing predictions about how you will respond to a particular cancer treatment?: “not at all comfortable” (1), “somewhat comfortable” (2), “fairly comfortable” (3), and “very comfortable” (4). Participants were also asked “how true” it was that “The

organizations that have my health information and share it can use large amounts of data to

To examine participant comfort with sharing health data with third-party commercial companies for business purposes, participants were asked “How comfortable are you with a third-party commercial company storing your DNA and health information?”; “How comfortable are you with a third-party commercial company sharing predictions about how you will respond to cancer treatment with insurance companies?”; and “How comfortable are you with a third-party commercial company selling de-identified health information to a pharmaceutical

company?”. “Business purpose” in this research is understood as storage of health data beyond the purposes of clinical care and sharing information with third-party commercial companies to improve their own business processes without explicitly stated direct benefit to patients.

Respondents were provided with the options “not at all comfortable” (1), “somewhat

comfortable” (2), “fairly comfortable” (3), and “very comfortable” (4). Indices for data use for patient purposes and business purposes were then calculated as the sum of participant responses to the three questions in each index divided by the number of questions.

The Cronbach’s alpha for these questions was 0.766 for comfort with sharing health data with third-party commercial companies for patient purposes and 0.786 for comfort with sharing health data for business purposes.

Privacy Concerns

To measure individual privacy concerns, respondent privacy attitudes were evaluated using a 4-item index. These questions assessed respondent’s beliefs about the privacy measures used by their healthcare system and whether they have concerns that personal health information about themselves is being misused or could be used in a way that is harmful. The component questions for the privacy index are: “a) My healthcare system respects my privacy; b) I worry that private information about my health could be used against me; c) I worry my health information is available to people who have no business seeing it; d) There are some things I would not tell my healthcare providers because I can’t trust them with the information”. Each item asked respondents to rate “how true” each was for themselves on a Likert-type scale ranging from 1 (not true) to 4 (very true). The final privacy index score reflects the average of

each participant’s response to these four questions. The Cronbach’s alpha was 0.771 for the questions used in the privacy concerns index.

Trust in the Healthcare System

Trust in the healthcare system, or system trust, is measured in this study using a modified version of the Platt et al. (2018) System Trust Index. The index was originally conceptualized as a composite index of three dimensions of system trust – competency, fidelity, and integrity (Platt et al., 2018). Component questions for the index asked participants to rate “how true” the

following statements were “about the organizations that have your health information and share it”: “a) …try hard to be fair in dealing with others; b) …would try to hide a serious mistake they made; c) …would never mislead me about how my health information is used; d) … have specialized capabilities that can promote innovation in health; e) … can be trusted to use my health information responsibly; f) … think about what is best for me; and g) …act in an ethical manner”. Respondents rated “how true” each statement was for themselves on a Likert-scale ranging from 1 (“not true”) to 4 (“very true”). The final system trust index score reflects the average of the participant’s responses to each of these seven questions. The Cronbach’s alpha was 0.845 for questions contributing to the system trust index.

Provider Trust

Provider trust is evaluated here using a 4-item index assessing respondent’s trust in their healthcare providers. Component questions for this index are: a) “Health care providers care most about making money for themselves”; b) “Health care providers do not care about helping people like me”; c) “I trust health care providers to use my health information responsibly”; d)

“All things considered, health care providers in this country can be trusted”. Each item asked respondents to rate “how true” each question was for themselves on a Likert scale ranging from 1 (“not true) to 4 (“very true”). The final provider trust score is the total of each response divided by the number of questions for the index (4). The Cronbach’s alpha for the questions

contributing to the provider trust index is 0.697. Provider trust questions were used in a previous study by Platt et al. (2019).

Respondent altruism is measured in this study using a 4-item index that asks “how true”

the following questions are for the respondent on a Likert scale ranging from 1 (“not true”) to 4 (“very true”): a) “I find ways to help others less fortunate than me”; b) “The dignity and well-being of all should be the most important concern in any society”; c) “One of the problems of today’s society is that people are often not kind enough to others”; and, d) “All people who are unable to provide for their own needs should be helped by others”. Respondents’ altruism index scores are calculated as the average of their responses to these four questions. The Cronbach’s alpha is 0.711 for questions contributing to the altruism index.

Experience of a past data breach

To find out whether respondents had their data compromised in the past, and explore the impact this experience might have on the respondent’s comfort with sharing health data with third-party commercial companies, respondents were asked “Have you ever experienced

problems with stolen or misused information?”. Response options to this question were a) “Yes – I am currently experiencing problems”; b) “Yes – but all problems have been resolved”; and c)

“No – I have not experienced any problems within the past five years”. A second question was used to capture experience of a data breach: “I believe my financial information has been compromised as the result of a data breach or hacking”. For this question respondents could answer “yes” or “no”.

Concern about recent events and breaches

To evaluate the effect of recent data breaches or misuse of health information on comfort with sharing health data with third-party commercial companies, we selected a sample of recent events varying in industry and scale of impact and asked respondents “how concerned” they were about the following selection of events: a) “Concern about Facebook sharing information with Cambridge Analytica for political purposes”; b) “Concern about data breach of people’s social security numbers and driver’s license numbers at Equifax”; c) “Concern about Memorial Sloan Kettering hospital executives using hospital data for their own startup company”; d)

“Concern about Marriot data breach of passport numbers and credit card numbers.” Respondents answered on a Likert-scale from 1 (“not at all concerned”) to 4 (“very concerned”).

3.3.4 Data Analysis

For this analysis we first generated summary descriptive statistics on respondent characteristics (demographics), privacy concerns, system trust, provider trust, altruism, experience of a data breach and concern about recent events. A paired t-test examining the difference between comfort sharing health data with commercial companies for patient purposes and comfort sharing health data with commercial companies for business purposes was

conducted to determine whether the difference between the two means is statistically significant.

Weighted Ordinary Least Squares (OLS) Regression analysis was used to estimate the linear relationship between comfort with third-party commercial companies for patient and business purposes and each demographic and health variable separately. We then estimated a multivariable model with all demographic and health variables and conducted a stepwise

regression model to identify a parsimonious set of variables that explained the greatest amount of variability in the two outcomes – comfort with sharing data with commercial companies for business or patient purposes. For the stepwise regression model, we set statistical significance at a=0.05 (p<0.002) for inclusion and a=0.01 for exclusion, applying a Bonferroni correction to minimize Type I error. To enable comparison of effect sizes, regression coefficients were normalized (mean = 0, SD = 1).

3.4 Results

To examine predictors of comfort with third-party commercial companies using health information for patient and business purposes, we first examined the descriptive statistics for each of the independent variables and then conducted univariable and multivariable stepwise regression to identify predictors. Statistical significance was set at the 0.05 level.